NXDOMAIN redirection in BIND 9.9
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon Oct 3 14:48:19 UTC 2011
>On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote:
>>"We came to the conclusion that no matter how much we wanted it to
>>not be true, people find a way to do NXDOMAIN if they want to. The
>>issue is not ours to push, it's between the ISP and the customer
>>ultimately, and people will do it -- and more intrusively -- than
>>BIND 9.9 will."
>>
>>That is just giving in. To what WILL end up being akin (is akin) to
>>taking away access. The argument that everyone is doing it so let's
>>just facilitate it is a bad one. This is a cave in to bad behavior
>>which borders on freedom of speech violation, since your
>>sanctioning the ability to arbitrarily redirecting (without
>>redirecting) content. Important part being the sanctioning of.
>>
>>http://en.wikipedia.org/wiki/DNS_hijacking
On 30.09.11 19:43, David Miller wrote:
>You get to run your network how ever you like. This is your right.
>Turn the feature on if you like -or- make sure it is off if you don't
>like it.
and he can blame ISC for providing the feature at all.
>You don't get to tell others how to run their networks. Well... you
>can tell them, but they don't have to listen to you...
He does, and (for example) you listen.
>Many organizations want to do NXDOMAIN redirections on their
>resolvers on their own internal networks or on guest wireless
>networks or on whatever networks they control for whatever reasons
>they like.
and most of them are invalid, ill and sick. This won't change,
especially since we can expect more of people do it now, when ISC
provides a way do to it.
>Other resolvers have had the ability to do NXDOMAIN redirections for
>many years. The pressures keeping ISPs from implementing NXDOMAIN
>redirections has never been the fact that BIND didn't support it.
I hoped that ISC stays out of the world where companies will break
DNS to do something it is not designed for. Now I see it doesn't.
Bad.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
More information about the bind-users
mailing list